How-To: Add Users and Groups to a Repo using GraphQL

To create a new group using GraphQL API, your on-prem Humio installation should use the Advanced permission model.

In Humio configuration, enable the environment variable to support the advanced permission model:

If you’re on Cloud the advanced model is enabled by default.

Then you can follow these steps:

  1. Create a new repo called <repo_name> from the UI.

  2. Create a group that you will use for <repo_name> repository called <repo_name>.<role> (e.g. my-new-repo.admins)

    graphql
    mutation {
        addGroup(displayName:"<repo_name>.<role>",lookupName:"<repo_name>.<role>"){
          group{
            id
          }
       }
    }
    

    You will need the returned group_ID later in step 4.

  3. Find the repository id with this query:

    graphql
    query {
      repository(name:"<repo_name>"){
        id
      }
    }
    
  4. Use the repository ID from step 3 as the viewId and the group ID from step 2 as the groupId in the following mutation:

    graphql
    mutation {
      assignRoleToGroup(input:{viewId:"<repo_ID>",groupId:"<group_ID>",roleId:"<role_string>"}) {
        clientMutationId
      }
    }
    

    Available roles can be found on the Organization settings page, Roles section. Copy the string as it is case-sensitive, for example, admin, member, etc. and use it as the roleId.

    clientMutationId is deprecated (will be removed in the future), it’s fine that it’s null; you don’t need it.

  5. Get the ID of the user you want to add to the new group:

    graphql
    query {
      users(search:"<user_email>"){
        id
      }
    }
    
  6. Use the user ID from step 5 and the group ID from step 2, in the following query (you can add multiple IDs at once, using an array of IDs):

    graphql
    mutation {
      addUsersToGroup(input: {users:["<user_ID>"], groupId:"<group_ID>"}) {
        clientMutationId
      }
    }
    
  7. Go to the UI Organization settings section to check that the process has been successful.